Running the gauntlet of security exploits

Abstract

Developers focus on providing functionality, not on security. In contrast to security personnel who are paid to stop bad things from happening, developers' contribution to the value chain is in building enabling technology. Despite increasing malicious targeting and exploitation of applications, this priority is correct. Nonetheless, these trends are forcing the software industry to re-examine the way software is built, shipped and deployed. The traditional approach of securing the perimeter is proving to be inadequate. It is apparent that developers have to take their share of the responsibility for improving application security. In this talk I present a vision of how they can do so without cutting themselves loose from their economic basis. This vision has also inspired the curriculum design of the secure application development courses that secappdev.org have been running since 2005 (http://secappdev.org).

The talk urges developers to run the gauntlet of security exploits, which is both testing and liberating. The security mindset challenges received wisdom and explores what happens beyond the boundaries of expected use. It encourages developers to exploit their subversive streak.

secappdev.org is a non-profit organization dedicated to improving security awareness and skills in the developer community.

Speaker

  • Johan Peeters